CN112003859A - Data encryption method and device and decryption method and device - Google Patents

Data encryption method and device and decryption method and device Download PDF

Info

Publication number
CN112003859A
CN112003859A CN202010849238.7A CN202010849238A CN112003859A CN 112003859 A CN112003859 A CN 112003859A CN 202010849238 A CN202010849238 A CN 202010849238A CN 112003859 A CN112003859 A CN 112003859A
Authority
CN
China
Prior art keywords
data frame
data
plaintext
ciphertext
segment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010849238.7A
Other languages
Chinese (zh)
Other versions
CN112003859B (en
Inventor
王斌
孟贺
李寒霜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Xugong Construction Machinery Research Institute Co ltd
Original Assignee
Jiangsu Xugong Construction Machinery Research Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Xugong Construction Machinery Research Institute Co ltd filed Critical Jiangsu Xugong Construction Machinery Research Institute Co ltd
Priority to CN202010849238.7A priority Critical patent/CN112003859B/en
Publication of CN112003859A publication Critical patent/CN112003859A/en
Application granted granted Critical
Publication of CN112003859B publication Critical patent/CN112003859B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40006Architecture of a communication node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本公开涉及一种数据的加密方法、装置和解密方法、装置,涉及信息安全技术领域。该加密方法包括:根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥;利用密钥,对明文数据帧进行加密以获取密文数据帧,密文数据帧的数据帧特征与明文数据帧的数据帧特征具有映射关系;将密文数据帧发送给解密装置,以便解密装置根据映射关系、密钥生成算法对密文数据帧进行解密。

Figure 202010849238

The present disclosure relates to a data encryption method, device, and decryption method and device, and relates to the technical field of information security. The encryption method includes: according to the data frame characteristics of the extracted plaintext data frame, using a key generation algorithm to generate a key; using the key, encrypting the plaintext data frame to obtain the ciphertext data frame, the data frame of the ciphertext data frame The feature has a mapping relationship with the data frame feature of the plaintext data frame; the ciphertext data frame is sent to the decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm.

Figure 202010849238

Description

数据的加密方法、装置和解密方法、装置Data encryption method and device and decryption method and device

技术领域technical field

本公开涉及信息安全技术领域,特别涉及一种数据的加密方法、数据的加密装置、数据的解密方法、数据的解密装置、电子设备、数据的传输系统和非易失性计算机可读存储介质。The present disclosure relates to the technical field of information security, and in particular, to a data encryption method, a data encryption device, a data decryption method, a data decryption device, an electronic device, a data transmission system, and a non-volatile computer-readable storage medium.

背景技术Background technique

当前,国内外CAN(Controller Area Network,控制器局域网络)总线的应用越来越广泛,尤其是在汽车和工程机械行业,CAN总线通信在实时性要求高的数据传输场合尤为重要。因此,CAN总线通信安全问题越来越受到重视。At present, the application of CAN (Controller Area Network) bus at home and abroad is more and more extensive, especially in the automobile and construction machinery industries, CAN bus communication is particularly important in data transmission occasions with high real-time requirements. Therefore, the safety of CAN bus communication has been paid more and more attention.

在相关技术中,采用固定密钥或者通过在通信双方之间传输动态密钥,实现数据的加密传输。In the related art, the encrypted transmission of data is realized by using a fixed key or by transmitting a dynamic key between the two communicating parties.

发明内容SUMMARY OF THE INVENTION

本公开的发明人发现上述相关技术中存在如下问题:密钥容易被侦听和捕捉,造成加密方法易被破解,从而导致通信安全性降低。The inventor of the present disclosure found that the above-mentioned related art has the following problems: the key is easy to be intercepted and captured, which causes the encryption method to be easily cracked, thereby reducing the communication security.

鉴于此,本公开提出了一种数据的加密技术方案,能够提高通信安全性。In view of this, the present disclosure proposes a data encryption technical solution, which can improve communication security.

根据本公开的一些实施例,提供了一种数据的加密方法,包括:根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥;利用所述密钥,对所述明文数据帧进行加密以获取密文数据帧,所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征具有映射关系;将所述密文数据帧发送给解密装置,以便所述解密装置根据所述映射关系、所述密钥生成算法对所述密文数据帧进行解密。According to some embodiments of the present disclosure, a method for encrypting data is provided, including: generating a key by using a key generation algorithm according to data frame characteristics of an extracted plaintext data frame; and using the key to encrypt the plaintext The data frame is encrypted to obtain a ciphertext data frame, the data frame characteristics of the ciphertext data frame and the data frame characteristics of the plaintext data frame have a mapping relationship; the ciphertext data frame is sent to the decryption device, so that the The decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm.

在一些实施例中,所述根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥包括:根据提取的明文数据帧中至少一个数据段的数据帧特征,生成所述密钥,所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC(Cyclic Redundancy Check,循环冗余校验)段、ACK(Acknowledge,应答)段、帧结束段中的至少一项。In some embodiments, using a key generation algorithm according to the data frame characteristics of the extracted plaintext data frame, and generating the key includes: generating the secret key according to the data frame characteristics of at least one data segment in the extracted plaintext data frame. The data segment of the plaintext data frame and the ciphertext data frame includes a frame start segment, an arbitration segment, a control segment, a data segment, a CRC (Cyclic Redundancy Check, cyclic redundancy check) segment, an ACK (Acknowledge, At least one of the response) segment and the end-of-frame segment.

在一些实施例中,所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID(控制器局域网络标识)中的至少一项。In some embodiments, the data frame characteristics include the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, CAN-ID (Controller Area Network Identification) at least one of.

在一些实施例中,所述映射关系包括:所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame feature of the ciphertext data frame is the same as the data frame feature of the plaintext data frame; or the data frame feature of the ciphertext data frame is transformed with the The data frame characteristics of the plaintext data frame are the same.

在一些实施例中,所述加密方法还包括:将采集的数据数据处理为CAN数据帧作为所述明文数据帧;其中,所述将所述密文数据帧发送给解密装置包括:通过CAN总线将所述密文数据帧发送给所述解密装置。In some embodiments, the encryption method further comprises: processing the collected data into a CAN data frame as the plaintext data frame; wherein, the sending the ciphertext data frame to the decryption device comprises: using a CAN bus Send the ciphertext data frame to the decryption device.

根据本公开的另一些实施例,提供一种数据的解密方法包括:接收加密装置发来的密文数据帧,所述密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系;根据提取的密文数据帧的数据帧特征,利用所述映射关系,确定所述明文数据帧的数据帧特征;根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥;利用所述密钥,对所述密文数据帧进行解密以获取明文数据帧。According to other embodiments of the present disclosure, providing a method for decrypting data includes: receiving a ciphertext data frame sent by an encryption device, wherein the data frame feature of the ciphertext data frame and the data frame feature of the corresponding plaintext data frame have mapping relationship; according to the data frame feature of the extracted ciphertext data frame, use the mapping relationship to determine the data frame feature of the plaintext data frame; according to the data frame feature of the plaintext data frame, use a key generation algorithm to generate a key; using the key, decrypt the ciphertext data frame to obtain a plaintext data frame.

在一些实施例中,所述根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥包括:根据所述明文数据帧中至少一个数据段的数据帧特征,生成所述密钥,所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, using a key generation algorithm according to the data frame characteristics of the plaintext data frame, and generating the key includes: generating the encryption key according to the data frame characteristics of at least one data segment in the plaintext data frame. The data segment of the plaintext data frame and the ciphertext data frame includes at least one of a frame start segment, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment, and a frame end segment.

在一些实施例中,所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。In some embodiments, the data frame characteristics include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and CAN-ID.

在一些实施例中,所述映射关系包括:所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame feature of the ciphertext data frame is the same as the data frame feature of the plaintext data frame; or the data frame feature of the ciphertext data frame is transformed with the The data frame characteristics of the plaintext data frame are the same.

在一些实施例中,所述解密方法还包括:将获取的所述明文数据帧,输出给相关部件,以便所述相关部件进行相应处理。In some embodiments, the decryption method further includes: outputting the acquired plaintext data frame to a relevant component, so that the relevant component can perform corresponding processing.

根据本公开的又一些实施例,提供一种数据的加密装置包括:加密模块,用于根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥,利用所述密钥,对所述明文数据帧进行加密以获取密文数据帧,所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征具有映射关系;发送模块,用于将所述密文数据帧发送给解密装置,以便所述解密装置根据所述映射关系、所述密钥生成算法对所述密文数据帧进行解密。According to further embodiments of the present disclosure, a data encryption device is provided, comprising: an encryption module configured to generate a key by using a key generation algorithm according to the data frame characteristics of the extracted plaintext data frame, and using the key, Encrypting the plaintext data frame to obtain a ciphertext data frame, the data frame feature of the ciphertext data frame and the data frame feature of the plaintext data frame have a mapping relationship; a sending module is used to send the ciphertext data frame. The frame is sent to a decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm.

在一些实施例中,所述加密模块根据提取的明文数据帧中至少一个数据段的数据帧特征,生成所述密钥。所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, the encryption module generates the key according to the data frame characteristics of at least one data segment in the extracted plaintext data frame. The data segments of the plaintext data frame and the ciphertext data frame include at least one of a frame start segment, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment, and a frame end segment.

在一些实施例中,所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。In some embodiments, the data frame characteristics include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and CAN-ID.

在一些实施例中,所述映射关系包括:所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame feature of the ciphertext data frame is the same as the data frame feature of the plaintext data frame; or the data frame feature of the ciphertext data frame is transformed with the The data frame characteristics of the plaintext data frame are the same.

在一些实施例中,所述发送模块通过CAN总线将所述密文数据帧发送给所述解密装置。In some embodiments, the sending module sends the ciphertext data frame to the decryption device through a CAN bus.

在一些实施例中,所述的加密装置还包括数据采集模块,用于采集待传输数据。所述加密模块将所述待传输数据处理为CAN数据帧作为所述明文数据帧。In some embodiments, the encryption device further includes a data collection module for collecting data to be transmitted. The encryption module processes the data to be transmitted into a CAN data frame as the plaintext data frame.

根据本公开的再一些实施例,提供一种数据的解密装置,包括:接收模块,用于接收加密装置发来的密文数据帧,所述密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系;解密模块,用于根据提取的密文数据帧的数据帧特征,利用所述映射关系,确定所述明文数据帧的数据帧特征,根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥,利用所述密钥,对所述密文数据帧进行解密以获取明文数据帧。According to further embodiments of the present disclosure, there is provided a data decryption device, comprising: a receiving module configured to receive a ciphertext data frame sent from an encryption device, wherein the data frame characteristics of the ciphertext data frame and corresponding plaintext data The data frame feature of the frame has a mapping relationship; the decryption module is used to determine the data frame feature of the plaintext data frame according to the data frame feature of the extracted ciphertext data frame by using the mapping relationship, and according to the data frame feature of the plaintext data frame. For the data frame feature, a key generation algorithm is used to generate a key, and the key is used to decrypt the ciphertext data frame to obtain a plaintext data frame.

在一些实施例中,所述解密模块根据所述明文数据帧中至少一个数据段的数据帧特征,生成所述密钥,所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, the decryption module generates the key according to a data frame feature of at least one data segment in the plaintext data frame, and the data segment of the plaintext data frame and the ciphertext data frame includes a frame start At least one of the initial segment, the arbitration segment, the control segment, the data segment, the CRC segment, the ACK segment, and the frame end segment.

在一些实施例中,所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。In some embodiments, the data frame characteristics include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and CAN-ID.

在一些实施例中,所述映射关系包括:所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame feature of the ciphertext data frame is the same as the data frame feature of the plaintext data frame; or the data frame feature of the ciphertext data frame is transformed with the The data frame characteristics of the plaintext data frame are the same.

在一些实施例中,所述解密装置还包括数据输出模块,用于将获取的所述明文数据帧,输出给相关部件,以便所述相关部件进行相应处理。In some embodiments, the decryption apparatus further includes a data output module, configured to output the acquired plaintext data frame to a relevant component, so that the relevant component can perform corresponding processing.

根据本公开的再一些实施例,提供一种电子设备,包括:存储器;和耦接至所述存储器的处理器,所述处理器被配置为基于存储在所述存储器装置中的指令,执行上述任一个实施例中的数据的加密方法,或者数据的解密方法。According to still further embodiments of the present disclosure, there is provided an electronic device comprising: a memory; and a processor coupled to the memory, the processor configured to execute the above based on instructions stored in the memory device The encryption method of data in any one of the embodiments, or the decryption method of data.

根据本公开的再一些实施例,提供一种数据的传输系统包括:至少一个第一数据传输装置,包括上述任一个实施例中的数据的加密装置或者电子设备;至少一个第二数据传输装置,包括上述任一个实施例中的数据的解密装置或者电子设备。According to further embodiments of the present disclosure, a data transmission system is provided, comprising: at least one first data transmission device, including the data encryption device or electronic device in any of the foregoing embodiments; at least one second data transmission device, A decryption apparatus or electronic device including the data in any of the above embodiments.

根据本公开的再一些实施例,提供一种非易失性计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述任一个实施例中的数据的加密方法或者数据的解密方法。According to further embodiments of the present disclosure, there is provided a non-volatile computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, implements the data encryption method or data in any of the foregoing embodiments decryption method.

在上述实施例中,根据当前的数据帧特征生成密钥,对数据进行加密传输。这样,无需在数据传输过程中传递密钥即可实现数据的动态加密,从而提高了通信安全性。In the above embodiment, the key is generated according to the current data frame characteristics, and the data is encrypted and transmitted. In this way, dynamic encryption of data can be achieved without passing a key during data transmission, thereby improving communication security.

附图说明Description of drawings

构成说明书的一部分的附图描述了本公开的实施例,并且连同说明书一起用于解释本公开的原理。The accompanying drawings, which form a part of the specification, illustrate embodiments of the present disclosure and together with the description serve to explain the principles of the present disclosure.

参照附图,根据下面的详细描述,可以更加清楚地理解本公开,其中:The present disclosure may be more clearly understood from the following detailed description with reference to the accompanying drawings, wherein:

图1示出本公开的数据的加密方法的一些实施例的流程图;FIG. 1 shows a flowchart of some embodiments of the encryption method of data of the present disclosure;

图2示出本公开的数据的解密方法的一些实施例的流程图;FIG. 2 shows a flowchart of some embodiments of the decryption method of data of the present disclosure;

图3示出本公开的数据的加密装置和解密装置的一些实施例的示意图;3 shows a schematic diagram of some embodiments of an apparatus for encrypting and decrypting data of the present disclosure;

图4示出本公开的数据的加密装置和解密装置的另一些实施例的示意图;FIG. 4 shows a schematic diagram of other embodiments of the data encryption device and decryption device of the present disclosure;

图5示出本公开的数据的传输系统的一些实施例的示意图;Figure 5 shows a schematic diagram of some embodiments of the data transmission system of the present disclosure;

图6示出本公开的数据的传输系统的另一些实施例的示意图;6 shows a schematic diagram of other embodiments of the data transmission system of the present disclosure;

图7示出本公开的数据的加密装置的一些实施例的框图;7 illustrates a block diagram of some embodiments of an apparatus for encrypting data of the present disclosure;

图8示出本公开的数据的解密装置的一些实施例的框图;8 illustrates a block diagram of some embodiments of a decryption apparatus for data of the present disclosure;

图9示出本公开的电子设备的一些实施例的框图;9 illustrates a block diagram of some embodiments of electronic devices of the present disclosure;

图10示出本公开的电子设备的另一些实施例的框图;10 illustrates a block diagram of further embodiments of the electronic device of the present disclosure;

图11示出本公开的数据的传输系统的一些实施例的框图。Figure 11 shows a block diagram of some embodiments of the data transmission system of the present disclosure.

具体实施方式Detailed ways

现在将参照附图来详细描述本公开的各种示例性实施例。应注意到:除非另外具体说明,否则在这些实施例中阐述的部件和步骤的相对布置、数字表达式和数值不限制本公开的范围。Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.

同时,应当明白,为了便于描述,附图中所示出的各个部分的尺寸并不是按照实际的比例关系绘制的。Meanwhile, it should be understood that, for the convenience of description, the dimensions of various parts shown in the accompanying drawings are not drawn in an actual proportional relationship.

以下对至少一个示例性实施例的描述实际上仅仅是说明性的,决不作为对本公开及其应用或使用的任何限制。The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application or uses in any way.

对于相关领域普通技术人员已知的技术、方法和设备可能不作详细讨论,但在适当情况下,所述技术、方法和设备应当被视为授权说明书的一部分。Techniques, methods, and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods, and devices should be considered part of the authorized description.

在这里示出和讨论的所有示例中,任何具体值应被解释为仅仅是示例性的,而不是作为限制。因此,示例性实施例的其它示例可以具有不同的值。In all examples shown and discussed herein, any specific value should be construed as illustrative only and not as limiting. Accordingly, other examples of exemplary embodiments may have different values.

应注意到:相似的标号和字母在下面的附图中表示类似项,因此,一旦某一项在一个附图中被定义,则在随后的附图中不需要对其进行进一步讨论。It should be noted that like numerals and letters refer to like items in the following figures, so once an item is defined in one figure, it does not require further discussion in subsequent figures.

如前所述,密钥生成无法实现动态改变,且需要通过总线发送给相关方进行存储,会造成通信安全性低。而且,密钥的传输还占用了有限的总线带宽和存储资源,对数据通信稳定性和嵌入式存储带来不利影响。As mentioned above, the key generation cannot be dynamically changed, and it needs to be sent to the relevant parties through the bus for storage, which will result in low communication security. Moreover, the transmission of the key also occupies limited bus bandwidth and storage resources, which adversely affects the stability of data communication and embedded storage.

针对上述技术问题,本公开在总线数据形成后根据数据特征生成动态密钥。这样,不需要在设备中存储密钥,节省了有限的嵌入式存储资源。而且,密钥跟随数据帧数据的改变而改变,密钥和密文数据均不固定,提高了数据安全性。In view of the above technical problems, the present disclosure generates a dynamic key according to data characteristics after the bus data is formed. In this way, there is no need to store keys in the device, saving limited embedded storage resources. Moreover, the key changes with the change of the data frame data, and neither the key nor the ciphertext data is fixed, which improves data security.

另外,针对动态密钥需要通信双方交互数据的技术问题,本公开的密钥在数据帧传输的过程中已经传输完成。也就是说,密钥隐藏在数据帧中,无需单独发送,从而有效降低总线负载,提高安全等级。例如,可以通过下方的实施例实现本公开的技术方案。In addition, in view of the technical problem that the dynamic key needs to exchange data between the two communication parties, the key disclosed in the present disclosure has been transmitted during the transmission of the data frame. That is to say, the key is hidden in the data frame and does not need to be sent separately, thereby effectively reducing the bus load and improving the security level. For example, the technical solutions of the present disclosure can be implemented through the following embodiments.

图1示出本公开的数据的加密方法的一些实施例的流程图。FIG. 1 shows a flowchart of some embodiments of the encryption method of data of the present disclosure.

如图1所示,加密方法包括:步骤110,根据明文数据帧特征生成密钥;步骤120,利用密钥获取密文数据帧;和步骤130,发送密文数据帧。As shown in FIG. 1 , the encryption method includes: step 110 , generating a key according to the characteristics of the plaintext data frame; step 120 , obtaining the ciphertext data frame by using the key; and step 130 , sending the ciphertext data frame.

在步骤110中,根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥。In step 110, a key is generated by using a key generation algorithm according to the data frame characteristics of the extracted plaintext data frame.

在一些实施例中,根据提取的明文数据帧中至少一个数据段的数据帧特征,生成密钥。明文数据帧和密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, the key is generated according to the data frame characteristics of at least one data segment in the extracted plaintext data frame. The data segments of the plaintext data frame and the ciphertext data frame include at least one of a frame start segment, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment, and a frame end segment.

例如,数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。For example, the data frame characteristics include the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and at least one item of CAN-ID.

在步骤120中,利用密钥,对明文数据帧进行加密以获取密文数据帧。密文数据帧的数据帧特征与明文数据帧的数据帧特征具有映射关系。In step 120, using the key, the plaintext data frame is encrypted to obtain the ciphertext data frame. The data frame characteristics of the ciphertext data frame and the data frame characteristics of the plaintext data frame have a mapping relationship.

在一些实施例中,映射关系包括:密文数据帧的数据帧特征与明文数据帧的数据帧特征相同;或者密文数据帧的数据帧特征经变换后与明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame characteristics of the ciphertext data frame are the same as the data frame characteristics of the plaintext data frame; or the data frame characteristics of the ciphertext data frame after transformation are the same as the data frame characteristics of the plaintext data frame.

在一些实施例中,可根据多种数据帧特征生成密钥。使用生成的密钥对数据进行加密运算处理。加密运算处理后密文的数据帧特征与明文的数据帧特征保持不变。或者密文的数据帧特征依据预设变换方式处理后能够得到明文的数据帧特征。这样,解密方能够通过密文重新提取出该密钥。In some embodiments, keys may be generated based on various data frame characteristics. Use the generated key to encrypt the data. After the encryption operation, the data frame characteristics of the ciphertext and the data frame characteristics of the plaintext remain unchanged. Or the data frame feature of the ciphertext can be obtained by processing the data frame feature of the plaintext according to a preset transformation method. In this way, the decryptor can re-extract the key through the ciphertext.

在一些实施例中,加密过程可以分为多步进行,每一步都进行密钥提取和加密运算,形成最终密文。例如,可以利用明文的数据帧特征生成第一密钥,并利用第一密钥加密生成第一密文;利用第一密文的数据帧特征生成第二密钥,并利用第二密钥加密生成第二密文;重复上述步骤,直到满足迭代条件以生成最终密文。In some embodiments, the encryption process may be performed in multiple steps, and each step performs key extraction and encryption operations to form the final ciphertext. For example, the first key can be generated by using the data frame characteristics of the plaintext, and the first ciphertext can be generated by using the first key encryption; the second key can be generated by using the data frame characteristics of the first ciphertext, and encrypted using the second key Generate a second ciphertext; repeat the above steps until the iterative conditions are met to generate the final ciphertext.

在步骤130中,将密文数据帧发送给解密装置,以便解密装置根据映射关系、密钥生成算法对密文数据帧进行解密。In step 130, the ciphertext data frame is sent to the decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm.

在一些实施例中,将采集的数据数据处理为CAN数据帧作为明文数据帧;通过CAN总线将密文数据帧发送给解密装置。In some embodiments, the collected data is processed into CAN data frames as plaintext data frames; the ciphertext data frames are sent to the decryption device through the CAN bus.

图2示出本公开的数据的解密方法的一些实施例的流程图。FIG. 2 shows a flowchart of some embodiments of the decryption method of data of the present disclosure.

如图2所示,该解密方法包括:步骤210,接收密文数据帧;步骤220,确定明文数据帧特征;步骤230,根据明文数据帧特征生成密钥;和步骤240,获取明文数据帧。As shown in FIG. 2, the decryption method includes: step 210, receiving a ciphertext data frame; step 220, determining the characteristics of the plaintext data frame; step 230, generating a key according to the characteristics of the plaintext data frame; and step 240, acquiring the plaintext data frame.

在步骤210中,接收加密装置发来的密文数据帧。密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系。In step 210, the ciphertext data frame sent by the encryption device is received. The data frame feature of the ciphertext data frame has a mapping relationship with the data frame feature of the corresponding plaintext data frame.

在步骤220中,根据提取的密文数据帧的数据帧特征,利用映射关系,确定明文数据帧的数据帧特征。例如,通信双方可以在信息数据通信前协商密钥提取方法(包括映射关系)和数据加密算法,使得双方的加解密方法保持一致。In step 220, according to the data frame characteristics of the extracted ciphertext data frame, the data frame characteristics of the plaintext data frame are determined by using the mapping relationship. For example, the two communicating parties can negotiate a key extraction method (including a mapping relationship) and a data encryption algorithm before information and data communication, so that the encryption and decryption methods of the two parties are consistent.

在步骤230中,根据明文数据帧的数据帧特征,利用密钥生成算法,生成密钥。In step 230, a key is generated by using a key generation algorithm according to the data frame characteristics of the plaintext data frame.

在步骤240中,利用密钥,对密文数据帧进行解密以获取明文数据帧。In step 240, using the key, the ciphertext data frame is decrypted to obtain the plaintext data frame.

在一些实施例中,解密过程可以分为多步进行,每一步都进行密钥提取和解密运算,形成最终明文。例如,可以利用密文的数据帧特征生成第一密钥,并利用第一密钥解密生成第一明文;利用第一明文的数据帧特征生成第二密钥,并利用第二密钥解密生成第二明文;重复上述步骤,直到满足迭代条件以生成最终明文。迭代条件(如迭代次数)可以在进行数据通信前由通信双方协商。In some embodiments, the decryption process may be performed in multiple steps, and each step performs key extraction and decryption operations to form the final plaintext. For example, the first key can be generated by using the data frame characteristics of the ciphertext, and the first plaintext can be generated by decrypting the first key; the second key can be generated by using the data frame characteristics of the first plaintext, and the second key can be decrypted to generate Second plaintext; repeat the above steps until the iterative conditions are met to generate the final plaintext. Iterative conditions (such as the number of iterations) can be negotiated by both parties before data communication.

在一些实施例中,将获取的明文数据帧,输出给相关部件,以便相关部件进行相应处理。In some embodiments, the acquired plaintext data frame is output to the relevant component, so that the relevant component can perform corresponding processing.

图3示出本公开的数据的加密装置和解密装置的一些实施例的示意图。3 shows a schematic diagram of some embodiments of an apparatus for encrypting and decrypting data of the present disclosure.

如图3所示,加密装置中的加密模块可以包括明文数据密钥提取单元和数据加密单元。解密装置中的解密模块可以包括密文数据密钥提取单元和数据解密单元。As shown in FIG. 3 , the encryption module in the encryption device may include a plaintext data key extraction unit and a data encryption unit. The decryption module in the decryption device may include a ciphertext data key extraction unit and a data decryption unit.

在一些实施例中,发送方通过数据采集等方式形成待发送的明文数据(CAN明文数据帧)。明文数据密钥提取单元对明文的数据帧特征进行提取,生成用于数据加密的密钥。通过数据加密单元,将密钥与明文数据结合进行数据变换以获取密文数据(CAN密文数据)。发送方将密文数据通过CAN总线发送给接收方。In some embodiments, the sender forms plaintext data to be sent (CAN plaintext data frame) by means of data collection or the like. The plaintext data key extraction unit extracts the data frame features of the plaintext to generate a key for data encryption. Through the data encryption unit, the key is combined with the plaintext data to perform data transformation to obtain ciphertext data (CAN ciphertext data). The sender sends the ciphertext data to the receiver through the CAN bus.

在一些实施例中,接收方从CAN总线接收密文数据。密文数据密钥提取单元对密文的数据帧特征进行提取,生成用于数据解密的密钥。通过数据解密单元,将密钥与密文数据结合进行数据变换以获取明文数据。对明文数据进行相关处理,向相关部件输出相应信号。In some embodiments, the recipient receives ciphertext data from the CAN bus. The ciphertext data key extraction unit extracts the data frame features of the ciphertext to generate a key for data decryption. Through the data decryption unit, the key is combined with the ciphertext data to perform data transformation to obtain plaintext data. Correlative processing is performed on plaintext data, and corresponding signals are output to related components.

图4示出本公开的数据的加密装置和解密装置的另一些实施例的示意图。FIG. 4 shows a schematic diagram of other embodiments of the apparatus for encrypting and decrypting data of the present disclosure.

如图4所示,加密装置和解密装置均可以集成到ECU(Electronic Control Unit,电子控制单元)中作为数据传输装置作为数据传输中的发送方或接收方。As shown in FIG. 4 , both the encryption device and the decryption device can be integrated into an ECU (Electronic Control Unit, electronic control unit) as a data transmission device as a sender or receiver in data transmission.

在一些实施例中,ECU可以包括MCU(Micro Control Unit,微控制单元)控制模块、数据采集模块、CAN收发模块、数据输出模块、电源模块等。加密模块和解密模块中的至少一个可以集成在MCU控制模块中。In some embodiments, the ECU may include an MCU (Micro Control Unit, micro control unit) control module, a data acquisition module, a CAN transceiver module, a data output module, a power supply module, and the like. At least one of the encryption module and the decryption module may be integrated in the MCU control module.

例如,作为发送方的ECU的数据采集模块采集相关数据,经MCU控制模块处理后形成CAN数据帧。MCU控制模块根据提取的CAN数据帧特征,利用密钥生成方法生成密钥。MCU控制模块经过单次或多次加密处理生成密文。CAN收发模块将密文发送至接收方。For example, the data acquisition module of the ECU as the sender collects relevant data, and forms a CAN data frame after being processed by the MCU control module. The MCU control module uses the key generation method to generate a key according to the extracted CAN data frame characteristics. The MCU control module generates ciphertext through single or multiple encryption processing. The CAN transceiver module sends the ciphertext to the receiver.

例如,作为接收方的ECU的CAN收发模块接收密文,传输至MCU控制模块。MCU控制模块根据提取的密文数据帧特征,利用与发送方相同的密钥生成方法生成密钥。MCU控制模块经过单次或多次解密处理得到明文。数据输出模块根据明文生成的相应信号驱动相关部件工作。For example, the CAN transceiver module of the receiver ECU receives the ciphertext and transmits it to the MCU control module. The MCU control module uses the same key generation method as the sender to generate a key according to the extracted ciphertext data frame characteristics. The MCU control module obtains the plaintext through single or multiple decryption processing. The data output module drives the relevant components to work according to the corresponding signal generated by the plaintext.

图5示出本公开的数据的传输系统的一些实施例的示意图。FIG. 5 shows a schematic diagram of some embodiments of the data transmission system of the present disclosure.

如图5所示,CAN总线通信网络中的数据的传输系统可以包括多个ECU。例如,数据的传输系统包括3个ECU(ECU1、ECU2、ECU3)、2个终端电阻(如120Ω)。As shown in FIG. 5 , the data transmission system in the CAN bus communication network may include multiple ECUs. For example, the data transmission system includes 3 ECUs (ECU1, ECU2, ECU3) and 2 terminating resistors (eg 120Ω).

每个ECU即可以作为发送方(包含加密装置)也可以作为接收方(包含解密装置)。也就是说,每个ECU既向CAN总线发送密文数据,也从CAN总线接收密文数据。Each ECU can either act as a sender (including an encryption device) or as a receiver (including a decryption device). That is, each ECU not only sends ciphertext data to the CAN bus, but also receives ciphertext data from the CAN bus.

每个ECU均通过CAN_H(高位数据线)和CAN_L(低位数据线)与CAN总线连接。CAN总线上交互的数据均为加密数据,且密钥统一。这样,既没有增加总线数据量,又提高了安全等级;Each ECU is connected to the CAN bus through CAN_H (high data line) and CAN_L (low data line). The data exchanged on the CAN bus is encrypted data, and the key is unified. In this way, the amount of bus data is not increased, and the security level is improved;

在上述实施例中,数据的传输系统包含若干ECU,各ECU具有数据加解密系统中对ECU要求的相关模块。各ECU之间的通信均为加密通信,遵循密钥提取原则。In the above embodiment, the data transmission system includes several ECUs, and each ECU has the relevant modules required by the ECU in the data encryption and decryption system. The communication between each ECU is encrypted communication, following the principle of key extraction.

对于不同的ECU,由于其各段的数据不同(如采用不同的CAN-ID、发送不同的数据等),其提取的密钥也不相同。对于同一个ECU,利用不同的数据帧提取的密钥也不相同。For different ECUs, due to the different data in each segment (such as using different CAN-IDs, sending different data, etc.), the extracted keys are also different. For the same ECU, the keys extracted from different data frames are also different.

这样,数据的传输系统在通信过程中同时存在多组密钥,达到使用动态密钥进行加解密的目的,提高了安全性。而且,密钥不需要在总线中传输,不会增加总线负载。In this way, multiple sets of keys exist simultaneously in the data transmission system during the communication process, so as to achieve the purpose of using the dynamic key for encryption and decryption, and improve the security. Also, the keys do not need to be transmitted on the bus, which does not increase the bus load.

图6示出本公开的数据的传输系统的另一些实施例的示意图。FIG. 6 shows a schematic diagram of other embodiments of the data transmission system of the present disclosure.

如图6所示,数据的传输系统上电后,进行程序初始化。As shown in Figure 6, after the data transmission system is powered on, program initialization is performed.

在步骤610中,判断是否接收到需要处理的加密数据。如果未接收到,则执行步骤620,进入数据采集及处理程序;如果接收到了,则执行步骤660,进入解密密钥提取程序。In step 610, it is determined whether encrypted data to be processed is received. If not received, step 620 is executed to enter the data collection and processing program; if received, step 660 is executed to enter the decryption key extraction program.

在步骤620中,进行数据采集,并将采集到的数据处理为CAN总线数据帧。In step 620, data collection is performed, and the collected data is processed into a CAN bus data frame.

在步骤630中,根据提取的数据帧特征,生成加密密钥。In step 630, an encryption key is generated according to the extracted data frame features.

在步骤640中,利用加密密钥对CAN总线数据帧进行加密,以获取加密数据。In step 640, the CAN bus data frame is encrypted with an encryption key to obtain encrypted data.

在步骤650中,利用CAN总线向接收方发送加密数据。In step 650, the encrypted data is sent to the receiver using the CAN bus.

在步骤660中,提取加密数据的数据帧特征,生成解密密钥。In step 660, the data frame features of the encrypted data are extracted to generate a decryption key.

在步骤670中,利用解密密钥对加密数据进行解密,以获取CAN总线数据帧。In step 670, the encrypted data is decrypted using the decryption key to obtain the CAN bus data frame.

在步骤680中,将CAN总线数据帧处理为相关信号后输出给相关部件。In step 680, the CAN bus data frame is processed into related signals and then output to related components.

上述实施例中,针对通信安全问题,通过对数据进行特征分析和数据提取,生成加解密密钥。由于密钥隐藏在数据中,跟随数据一起在网络上传播,因此不需要单独发送,不占用总线带宽资源。In the above embodiment, in view of the communication security problem, the encryption and decryption keys are generated by performing feature analysis and data extraction on the data. Since the key is hidden in the data and propagated on the network along with the data, it does not need to be sent separately and does not occupy the bus bandwidth resources.

而且,密钥数据不需要单独存储,节省了硬件资源。密钥为根据数据提取生成,在数据改变时跟随数据变化,实现了动态密钥加密,提高了加密的安全性。Moreover, key data does not need to be stored separately, saving hardware resources. The key is generated according to data extraction and follows the data change when the data changes, which realizes dynamic key encryption and improves the security of encryption.

图7示出本公开的数据的加密装置的一些实施例的框图。7 illustrates a block diagram of some embodiments of an apparatus for encrypting data of the present disclosure.

如图7所示,数据的加密装置7包括加密模块71、发送模块72。As shown in FIG. 7 , the data encryption device 7 includes an encryption module 71 and a transmission module 72 .

加密模块71根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥。加密模块71利用密钥,对明文数据帧进行加密以获取密文数据帧。密文数据帧的数据帧特征与明文数据帧的数据帧特征具有映射关系。The encryption module 71 uses a key generation algorithm to generate a key according to the data frame characteristics of the extracted plaintext data frame. The encryption module 71 uses the key to encrypt the plaintext data frame to obtain the ciphertext data frame. The data frame characteristics of the ciphertext data frame and the data frame characteristics of the plaintext data frame have a mapping relationship.

发送模块72将密文数据帧发送给解密装置,以便解密装置根据映射关系、密钥生成算法对密文数据帧进行解密。The sending module 72 sends the ciphertext data frame to the decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm.

在一些实施例中,加密模块71根据提取的明文数据帧中至少一个数据段的数据帧特征,生成密钥。明文数据帧和密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, the encryption module 71 generates a key according to the data frame characteristics of at least one data segment in the extracted plaintext data frame. The data segments of the plaintext data frame and the ciphertext data frame include at least one of a frame start segment, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment, and a frame end segment.

在一些实施例中,数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。In some embodiments, the data frame characteristics include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and CAN-ID.

在一些实施例中,映射关系包括:密文数据帧的数据帧特征与明文数据帧的数据帧特征相同;或者密文数据帧的数据帧特征经变换后与明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame characteristics of the ciphertext data frame are the same as the data frame characteristics of the plaintext data frame; or the data frame characteristics of the ciphertext data frame after transformation are the same as the data frame characteristics of the plaintext data frame.

在一些实施例中,发送模块72通过CAN总线将密文数据帧发送给解密装置。In some embodiments, the sending module 72 sends the ciphertext data frame to the decryption device through the CAN bus.

在一些实施例中,加密装置7还包括数据采集模块73采集待传输数据。加密模块71将待传输数据处理为CAN数据帧作为明文数据帧。In some embodiments, the encryption device 7 further includes a data collection module 73 to collect the data to be transmitted. The encryption module 71 processes the data to be transmitted into CAN data frames as plaintext data frames.

图8示出本公开的数据的解密装置的一些实施例的框图。8 shows a block diagram of some embodiments of a decryption apparatus for data of the present disclosure.

如图8所示,数据的解密装置8包括解密模块81、接收模块82。As shown in FIG. 8 , the data decryption device 8 includes a decryption module 81 and a receiving module 82 .

接收模块82接收加密装置发来的密文数据帧。密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系。The receiving module 82 receives the ciphertext data frame sent by the encryption device. The data frame feature of the ciphertext data frame has a mapping relationship with the data frame feature of the corresponding plaintext data frame.

解密模块81根据提取的密文数据帧的数据帧特征,利用映射关系,确定明文数据帧的数据帧特征。解密模块81根据明文数据帧的数据帧特征,利用密钥生成算法,生成密钥。解密模块81利用密钥,对密文数据帧进行解密以获取明文数据帧。The decryption module 81 uses the mapping relationship to determine the data frame characteristics of the plaintext data frame according to the data frame characteristics of the extracted ciphertext data frame. The decryption module 81 uses a key generation algorithm to generate a key according to the data frame characteristics of the plaintext data frame. The decryption module 81 uses the key to decrypt the ciphertext data frame to obtain the plaintext data frame.

在一些实施例中,解密模块81根据明文数据帧中至少一个数据段的数据帧特征,生成密钥。明文数据帧和密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、CRC段、ACK段、帧结束段中的至少一项。In some embodiments, the decryption module 81 generates the key according to the data frame characteristics of at least one data segment in the plaintext data frame. The data segments of the plaintext data frame and the ciphertext data frame include at least one of a frame start segment, an arbitration segment, a control segment, a data segment, a CRC segment, an ACK segment, and a frame end segment.

在一些实施例中,数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、CAN-ID中的至少一项。In some embodiments, the data frame characteristics include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and CAN-ID.

在一些实施例中,映射关系包括:密文数据帧的数据帧特征与明文数据帧的数据帧特征相同;或者密文数据帧的数据帧特征经变换后与明文数据帧的数据帧特征相同。In some embodiments, the mapping relationship includes: the data frame characteristics of the ciphertext data frame are the same as the data frame characteristics of the plaintext data frame; or the data frame characteristics of the ciphertext data frame after transformation are the same as the data frame characteristics of the plaintext data frame.

在一些实施例中,解密装置8还包括数据输出模块83,用于将获取的明文数据帧,输出给相关部件,以便相关部件进行相应处理。In some embodiments, the decryption apparatus 8 further includes a data output module 83, configured to output the acquired plaintext data frame to the relevant components, so that the relevant components can perform corresponding processing.

图9示出本公开的电子设备的一些实施例的框图。9 illustrates a block diagram of some embodiments of electronic devices of the present disclosure.

如图9所示,该实施例的电子设备9包括:存储器91以及耦接至该存储器91的处理器92,处理器92被配置为基于存储在存储器91中的指令,执行本公开中任意一个实施例中的数据的加密方法,或者数据的解密方法。As shown in FIG. 9 , the electronic device 9 of this embodiment includes a memory 91 and a processor 92 coupled to the memory 91 , and the processor 92 is configured to execute any one of the present disclosure based on instructions stored in the memory 91 The data encryption method in the embodiment, or the data decryption method.

其中,存储器91例如可以包括系统存储器、固定非易失性存储介质等。系统存储器例如存储有操作系统、应用程序、引导装载程序(Boot Loader)、数据库以及其他程序等。The memory 91 may include, for example, a system memory, a fixed non-volatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader (Boot Loader), a database, and other programs.

图10示出本公开的电子设备的另一些实施例的框图。10 illustrates a block diagram of further embodiments of the electronic device of the present disclosure.

如图10所示,该实施例的电子设备10包括:存储器U10以及耦接至该存储器U10的处理器U20,处理器U20被配置为基于存储在存储器U10中的指令,执行前述任意一个实施例中的数据的加密方法,或者数据的解密方法。As shown in FIG. 10 , the electronic device 10 of this embodiment includes: a memory U10 and a processor U20 coupled to the memory U10, and the processor U20 is configured to execute any one of the foregoing embodiments based on instructions stored in the memory U10 The encryption method of the data in, or the decryption method of the data.

存储器U10例如可以包括系统存储器、固定非易失性存储介质等。系统存储器例如存储有操作系统、应用程序、引导装载程序(Boot Loader)以及其他程序等。The memory U10 may include, for example, a system memory, a fixed non-volatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader (Boot Loader), and other programs.

电子设备10还可以包括输入输出接口U30、网络接口U40、存储接口U50等。这些接口U30、U40、U50以及存储器U10和处理器U20之间例如可以通过总线U60连接。其中,输入输出接口U30为显示器、鼠标、键盘、触摸屏、麦克、音箱等输入输出设备提供连接接口。网络接口840为各种联网设备提供连接接口。存储接口U50为SD卡、U盘等外置存储设备提供连接接口。The electronic device 10 may further include an input/output interface U30, a network interface U40, a storage interface U50, and the like. These interfaces U30, U40, U50 and the memory U10 and the processor U20 can be connected, for example, through a bus U60. The input and output interface U30 provides connection interfaces for input and output devices such as a display, a mouse, a keyboard, a touch screen, a microphone, and a speaker. Network interface 840 provides a connection interface for various networked devices. The storage interface U50 provides a connection interface for external storage devices such as SD cards and U disks.

图11示出本公开的数据的传输系统的一些实施例的框图。FIG. 11 shows a block diagram of some embodiments of the data transmission system of the present disclosure.

如图11所示,数据的传输系统11包括至少一个第一数据传输装置U111、至少一个第二数据传输装置U112。As shown in FIG. 11 , the data transmission system 11 includes at least one first data transmission device U111 and at least one second data transmission device U112.

第一数据传输装置U111包括上述任一个实施例中的数据的加密装置或者电子设备。The first data transmission device U111 includes the data encryption device or electronic device in any of the above embodiments.

第二数据传输装置U112包括上述任一个实施例中的数据的解密装置或者电子设备。The second data transmission device U112 includes the data decryption device or electronic device in any of the above embodiments.

本领域内的技术人员应当明白,本公开的实施例可提供为方法、系统、或计算机程序产品。因此,本公开可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本公开可采用在一个或多个其中包含有计算机可用程序代码的计算机可用非瞬时性存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein .

至此,已经详细描述了根据本公开的数据的加密方法、数据的加密装置、数据的解密方法、数据的解密装置、电子设备、数据的传输系统和非易失性计算机可读存储介质。为了避免遮蔽本公开的构思,没有描述本领域所公知的一些细节。本领域技术人员根据上面的描述,完全可以明白如何实施这里公开的技术方案。So far, the data encryption method, data encryption apparatus, data decryption method, data decryption apparatus, electronic device, data transmission system, and nonvolatile computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art are not described in order to avoid obscuring the concept of the present disclosure. Those skilled in the art can fully understand how to implement the technical solutions disclosed herein based on the above description.

可能以许多方式来实现本公开的方法和系统。例如,可通过软件、硬件、固件或者软件、硬件、固件的任何组合来实现本公开的方法和系统。用于所述方法的步骤的上述顺序仅是为了进行说明,本公开的方法的步骤不限于以上具体描述的顺序,除非以其它方式特别说明。此外,在一些实施例中,还可将本公开实施为记录在记录介质中的程序,这些程序包括用于实现根据本公开的方法的机器可读指令。因而,本公开还覆盖存储用于执行根据本公开的方法的程序的记录介质。The methods and systems of the present disclosure may be implemented in many ways. For example, the methods and systems of the present disclosure may be implemented in software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure can also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.

虽然已经通过示例对本公开的一些特定实施例进行了详细说明,但是本领域的技术人员应该理解,以上示例仅是为了进行说明,而不是为了限制本公开的范围。本领域的技术人员应该理解,可在不脱离本公开的范围和精神的情况下,对以上实施例进行修改。本公开的范围由所附权利要求来限定。While some specific embodiments of the present disclosure have been described in detail by way of examples, those skilled in the art will appreciate that the above examples are provided for illustration only, and are not intended to limit the scope of the present disclosure. Those skilled in the art will appreciate that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (17)

1.一种数据的加密方法,包括:1. A data encryption method, comprising: 根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥;According to the data frame characteristics of the extracted plaintext data frame, a key generation algorithm is used to generate a key; 利用所述密钥,对所述明文数据帧进行加密以获取密文数据帧,所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征具有映射关系;Using the key, the plaintext data frame is encrypted to obtain a ciphertext data frame, and the data frame feature of the ciphertext data frame has a mapping relationship with the data frame feature of the plaintext data frame; 将所述密文数据帧发送给解密装置,以便所述解密装置根据所述映射关系、所述密钥生成算法对所述密文数据帧进行解密。Sending the ciphertext data frame to a decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm. 2.根据权利要求1所述的加密方法,其中,所述根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥包括:2. The encryption method according to claim 1, wherein, according to the data frame feature of the extracted plaintext data frame, using a key generation algorithm, the key generation comprises: 根据提取的明文数据帧中至少一个数据段的数据帧特征,生成所述密钥,所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、循环冗余校验CRC段、应答ACK段、帧结束段中的至少一项。The key is generated according to the data frame characteristics of at least one data segment in the extracted plaintext data frame, and the data segments of the plaintext data frame and the ciphertext data frame include a frame start segment, an arbitration segment, a control segment, and a data segment. At least one of the segment, the cyclic redundancy check CRC segment, the response ACK segment, and the frame end segment. 3.根据权利要求1所述的加密方法,其中,3. The encryption method according to claim 1, wherein, 所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、控制器局域网络标识CAN-ID中的至少一项。The data frame features include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and the controller area network identification CAN-ID. 4.根据权利要求1所述的加密方法,其中,4. The encryption method according to claim 1, wherein, 所述映射关系包括:The mapping relationship includes: 所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者The data frame characteristics of the ciphertext data frame are the same as the data frame characteristics of the plaintext data frame; or 所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。The data frame characteristics of the ciphertext data frame after transformation are the same as the data frame characteristics of the plaintext data frame. 5.根据权利要求1-4任一项所述的加密方法,还包括:5. The encryption method according to any one of claims 1-4, further comprising: 将采集的数据数据处理为控制器局域网络CAN数据帧作为所述明文数据帧;Processing the collected data into a controller area network CAN data frame as the plaintext data frame; 其中,所述将所述密文数据帧发送给解密装置包括:Wherein, the sending the ciphertext data frame to the decryption device includes: 通过CAN总线将所述密文数据帧发送给所述解密装置。The ciphertext data frame is sent to the decryption device through the CAN bus. 6.一种数据的解密方法,包括:6. A method for decrypting data, comprising: 接收加密装置发来的密文数据帧,所述密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系;Receive the ciphertext data frame sent by the encryption device, the data frame feature of the ciphertext data frame and the data frame feature of the corresponding plaintext data frame have a mapping relationship; 根据提取的密文数据帧的数据帧特征,利用所述映射关系,确定所述明文数据帧的数据帧特征;According to the data frame feature of the extracted ciphertext data frame, using the mapping relationship, determine the data frame feature of the plaintext data frame; 根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥;According to the data frame feature of the plaintext data frame, use a key generation algorithm to generate a key; 利用所述密钥,对所述密文数据帧进行解密以获取明文数据帧。Using the key, the ciphertext data frame is decrypted to obtain the plaintext data frame. 7.根据权利要求6所述的解密方法,其中,所述根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥包括:7. The decryption method according to claim 6, wherein, using a key generation algorithm according to the data frame feature of the plaintext data frame, the key generation comprises: 根据所述明文数据帧中至少一个数据段的数据帧特征,生成所述密钥,所述明文数据帧和所述密文数据帧的数据段包括帧起始段、仲裁段、控制段、数据段、循环冗余校验CRC段、应答ACK段、帧结束段中的至少一项。The key is generated according to the data frame characteristics of at least one data segment in the plaintext data frame, and the data segments of the plaintext data frame and the ciphertext data frame include a frame start segment, an arbitration segment, a control segment, and a data segment. At least one of the segment, the cyclic redundancy check CRC segment, the response ACK segment, and the frame end segment. 8.根据权利要求6所述的解密方法,其中,8. The decryption method according to claim 6, wherein, 所述数据帧特征包括数据帧的数据长度、数据帧中各数据段包含0的数量、数据帧中各数据段包含1的数量、控制器局域网络标识CAN-ID中的至少一项。The data frame features include at least one of the data length of the data frame, the number of 0s contained in each data segment in the data frame, the number of 1s contained in each data segment in the data frame, and the controller area network identification CAN-ID. 9.根据权利要求6所述的解密方法,其中,9. The decryption method according to claim 6, wherein, 所述映射关系包括:The mapping relationship includes: 所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征相同;或者The data frame characteristics of the ciphertext data frame are the same as the data frame characteristics of the plaintext data frame; or 所述密文数据帧的数据帧特征经变换后与所述明文数据帧的数据帧特征相同。The data frame characteristics of the ciphertext data frame after transformation are the same as the data frame characteristics of the plaintext data frame. 10.根据权利要求6-9任一项所述的解密方法,还包括:10. The decryption method according to any one of claims 6-9, further comprising: 将获取的所述明文数据帧,输出给相关部件,以便所述相关部件进行相应处理。The acquired plaintext data frame is output to the relevant component, so that the relevant component can perform corresponding processing. 11.一种数据的加密装置,包括:11. A data encryption device, comprising: 加密模块,用于根据提取的明文数据帧的数据帧特征,利用密钥生成算法,生成密钥,利用所述密钥,对所述明文数据帧进行加密以获取密文数据帧,所述密文数据帧的数据帧特征与所述明文数据帧的数据帧特征具有映射关系;The encryption module is used for generating a key according to the data frame characteristics of the extracted plaintext data frame, using a key generation algorithm, and using the key to encrypt the plaintext data frame to obtain a ciphertext data frame, the encrypted data frame. The data frame feature of the text data frame has a mapping relationship with the data frame feature of the plaintext data frame; 发送模块,用于将所述密文数据帧发送给解密装置,以便所述解密装置根据所述映射关系、所述密钥生成算法对所述密文数据帧进行解密。A sending module, configured to send the ciphertext data frame to a decryption device, so that the decryption device decrypts the ciphertext data frame according to the mapping relationship and the key generation algorithm. 12.根据权利要求11所述的加密装置,还包括:12. The encryption device of claim 11, further comprising: 数据采集模块,用于采集待传输数据;The data acquisition module is used to collect the data to be transmitted; 其中,所述加密模块将所述待传输数据处理为控制器局域网络CAN数据帧作为所述明文数据帧。Wherein, the encryption module processes the to-be-transmitted data into a controller area network CAN data frame as the plaintext data frame. 13.一种数据的解密装置,包括:13. A data decryption device, comprising: 接收模块,用于接收加密装置发来的密文数据帧,所述密文数据帧的数据帧特征与相应的明文数据帧的数据帧特征具有映射关系;a receiving module for receiving the ciphertext data frame sent by the encryption device, the data frame feature of the ciphertext data frame and the data frame feature of the corresponding plaintext data frame have a mapping relationship; 解密模块,用于根据提取的密文数据帧的数据帧特征,利用所述映射关系,确定所述明文数据帧的数据帧特征,根据所述明文数据帧的数据帧特征,利用密钥生成算法,生成密钥,利用所述密钥,对所述密文数据帧进行解密以获取明文数据帧。The decryption module is used for determining the data frame characteristics of the plaintext data frame according to the data frame characteristics of the extracted ciphertext data frame and using the mapping relationship, and using the key generation algorithm according to the data frame characteristics of the plaintext data frame. , generate a key, and use the key to decrypt the ciphertext data frame to obtain a plaintext data frame. 14.根据权利要求13所述的解密装置,还包括:14. The decryption device of claim 13, further comprising: 数据输出模块,用于将获取的所述明文数据帧,输出给相关部件,以便所述相关部件进行相应处理。The data output module is configured to output the acquired plaintext data frame to the relevant components, so that the relevant components can perform corresponding processing. 15.一种电子设备,包括:15. An electronic device comprising: 存储器;和memory; and 耦接至所述存储器的处理器,所述处理器被配置为基于存储在所述存储器中的指令,执行权利要求1-5任一项所述的数据的加密方法,或者权利要求6-10任一项所述的数据的解密方法。a processor coupled to the memory, the processor configured to perform the encryption method of data of any one of claims 1-5, or claims 6-10, based on instructions stored in the memory The decryption method of any one of the data. 16.一种非易失性计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现权利要求1-5任一项所述的数据的加密方法,或者权利要求6-10任一项所述的数据的解密方法。16. A non-volatile computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, implements the data encryption method of any one of claims 1-5, or claims 6- 10. The decryption method of any one of the data. 17.一种数据的传输系统,包括:17. A data transmission system, comprising: 至少一个第一数据传输装置,包括权利要求11或12所述的数据的加密装置或者权利要求15所述的电子设备;At least one first data transmission device, comprising the data encryption device of claim 11 or 12 or the electronic device of claim 15; 至少一个第二数据传输装置,包括权利要求13或14所述的数据的解密装置或者权利要求15所述的电子设备。At least one second data transmission device includes the data decryption device of claim 13 or 14 or the electronic device of claim 15 .
CN202010849238.7A 2020-08-21 2020-08-21 Data encryption method and device and data decryption method and device Active CN112003859B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010849238.7A CN112003859B (en) 2020-08-21 2020-08-21 Data encryption method and device and data decryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010849238.7A CN112003859B (en) 2020-08-21 2020-08-21 Data encryption method and device and data decryption method and device

Publications (2)

Publication Number Publication Date
CN112003859A true CN112003859A (en) 2020-11-27
CN112003859B CN112003859B (en) 2023-04-07

Family

ID=73473161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010849238.7A Active CN112003859B (en) 2020-08-21 2020-08-21 Data encryption method and device and data decryption method and device

Country Status (1)

Country Link
CN (1) CN112003859B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788129A (en) * 2020-12-31 2021-05-11 江苏徐工工程机械研究院有限公司 Engineering machinery vehicle remote upgrading system and method
CN113259718A (en) * 2021-04-27 2021-08-13 深圳市锐明技术股份有限公司 Video stream encryption method and device, communication equipment and storage medium
CN113422984A (en) * 2021-06-10 2021-09-21 北京快乐茄信息技术有限公司 Video processing method and device, electronic equipment and storage medium
CN113489588A (en) * 2021-06-30 2021-10-08 湖南三一智能控制设备有限公司 Data processing method and device for working machine and working machine
CN115277049A (en) * 2022-06-01 2022-11-01 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data sending method, data receiving method and network equipment
CN115277050A (en) * 2022-06-01 2022-11-01 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data sending method, data receiving method and network equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065968A (en) * 2014-07-02 2014-09-24 哈尔滨海能达科技有限公司 Video data encryption method, video data decryption method, video data encryption device and video data decryption device
CN106231318A (en) * 2016-09-30 2016-12-14 浙江宇视科技有限公司 A kind of video scrambling method and device based on quantization transform coefficient
CN109714291A (en) * 2017-10-25 2019-05-03 普天信息技术有限公司 A kind of data transmission method and device
CN110557680A (en) * 2019-07-30 2019-12-10 视联动力信息技术股份有限公司 Audio and video data frame transmission method and system
CN110868398A (en) * 2019-10-17 2020-03-06 北京全路通信信号研究设计院集团有限公司 A method for encrypting a data frame, a method and device for decrypting
CN111222152A (en) * 2020-01-03 2020-06-02 上海达梦数据库有限公司 Data writing method, device, equipment and storage medium
CN111465006A (en) * 2020-04-08 2020-07-28 无锡职业技术学院 Beidou short message encryption and decryption method and communication system based on Zu Chongzhi algorithm

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065968A (en) * 2014-07-02 2014-09-24 哈尔滨海能达科技有限公司 Video data encryption method, video data decryption method, video data encryption device and video data decryption device
CN106231318A (en) * 2016-09-30 2016-12-14 浙江宇视科技有限公司 A kind of video scrambling method and device based on quantization transform coefficient
CN109714291A (en) * 2017-10-25 2019-05-03 普天信息技术有限公司 A kind of data transmission method and device
CN110557680A (en) * 2019-07-30 2019-12-10 视联动力信息技术股份有限公司 Audio and video data frame transmission method and system
CN110868398A (en) * 2019-10-17 2020-03-06 北京全路通信信号研究设计院集团有限公司 A method for encrypting a data frame, a method and device for decrypting
CN111222152A (en) * 2020-01-03 2020-06-02 上海达梦数据库有限公司 Data writing method, device, equipment and storage medium
CN111465006A (en) * 2020-04-08 2020-07-28 无锡职业技术学院 Beidou short message encryption and decryption method and communication system based on Zu Chongzhi algorithm

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788129A (en) * 2020-12-31 2021-05-11 江苏徐工工程机械研究院有限公司 Engineering machinery vehicle remote upgrading system and method
CN113259718A (en) * 2021-04-27 2021-08-13 深圳市锐明技术股份有限公司 Video stream encryption method and device, communication equipment and storage medium
US12126711B2 (en) 2021-04-27 2024-10-22 Streamax Technology Co., Ltd. Method and device for encryption of video stream, communication equipment, and storage medium
CN113422984A (en) * 2021-06-10 2021-09-21 北京快乐茄信息技术有限公司 Video processing method and device, electronic equipment and storage medium
CN113422984B (en) * 2021-06-10 2022-10-14 北京快乐茄信息技术有限公司 Video processing method and device, electronic equipment and storage medium
WO2022257612A1 (en) * 2021-06-10 2022-12-15 北京快乐茄信息技术有限公司 Video processing methods and apparatus, electronic device, and storage medium
CN113489588A (en) * 2021-06-30 2021-10-08 湖南三一智能控制设备有限公司 Data processing method and device for working machine and working machine
CN115277049A (en) * 2022-06-01 2022-11-01 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data sending method, data receiving method and network equipment
CN115277050A (en) * 2022-06-01 2022-11-01 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data sending method, data receiving method and network equipment
CN115277049B (en) * 2022-06-01 2023-11-17 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data sending method, data receiving method and network equipment
CN115277050B (en) * 2022-06-01 2023-11-17 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Data transmission method, data receiving method and network equipment

Also Published As

Publication number Publication date
CN112003859B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN112003859A (en) Data encryption method and device and decryption method and device
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
CN112311865B (en) File encryption transmission method and device
CN102185694A (en) Electronic file encrypting method and system based on fingerprint information
CN104270242B (en) A kind of ciphering and deciphering device for network data encryption transmission
CN107528690A (en) A kind of symmetrical encryption and decryption method and systems of SM4 for accelerating platform based on isomery
CN107465665A (en) A kind of file encryption-decryption method based on fingerprint identification technology
CN107612683A (en) A kind of encipher-decipher method, device, system, equipment and storage medium
US10037193B2 (en) Extracting entropy from mobile devices to generate random numbers
CN104038336A (en) Data encryption method based on 3DES
JP2012080152A (en) Encryption system, encryption apparatus, decryption apparatus, encryption system program and encryption method
CN109379177A (en) A kind of homomorphism cryptogram computation acceleration logic system and implementation method
CN114124364B (en) Key security processing method, device, equipment and computer readable storage medium
CN116962067A (en) Information encryption method, device and equipment
CN110690969A (en) Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties
CN101383825A (en) Method, apparatus and terminal implementing computer file ciphering
CN114430345A (en) A data transmission method, device, storage medium and electronic device
CN113992432A (en) Message processing method, message bus system, computer device, and storage medium
CN103902932A (en) Data encryption and decryption device and method for USB storage devices
CN113347144A (en) Method, system, equipment and storage medium for reciprocal data encryption
CN115580489B (en) Data transmission method, device, equipment and storage medium
JP2023083259A (en) Hybrid cloud-based security service method and apparatus for confidential data security
JP4912797B2 (en) ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAM
WO2018054144A1 (en) Method, apparatus, device and system for dynamically generating symmetric key
CN113259438A (en) Method and device for sending model file and method and device for receiving model file

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant